DOCSLIB.ORG

Scanned Document

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Scanned Document (;:S(;-t:.t'L-ts~' uu~ NATIONAL COMPUTER SECURITY CENTER "\ FINAL EVALUATION ·REPORT OF HON.EV-WELL MlJt Tl€S FINAL EVALUATION REPORT HONEYWELL INFORMATION SYSTEMS MULTICS MRll .O NATIONAL COMPUTER SECURITY -CENTER 1 aa.o.o Savage R.Q&1 . ~ George G..... Meade Maryland ·2Q755- 6000 June 1,... 1986 CSC- EPL- 85/003 Library No. 8227,783 Final Evaluation Report Honeywell Multics MRll.O CSC-EPL-85/003 Library No. S227 , 783 FOREWORD This publication, the Final ~valuation Report Honeywell Information Systems, Multics MRll.O, is being issued by the National Computer Security Center under the authority of and in accordance with DoD Directive 6125.1, "Computer Security Evaluation Center". The purpose of this report is to document the results of the formal evaluation of Honeywell 's Multics MRll . O operating system. The requirements stated in this report are taken from DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (CSC-STD-001-83) dated 15 August 1983. Approved: June 1, 1986 Eliot Sohmer Chief , Standards and Products National Computer Security Center - iii - June l, 1986 Final Evaluation Report Honeywell Multics MRll.O ACKNOWLEDGEMENTS ~ Members Team members· included the following individuals, who were provided by the following organizations: The Aerospace Corporation Los Angeles, California Deborah D. Downs National Computer Security Center Cornelius J. Haley Fort Meade, Maryland Grace Hammonds David J. Lanenga First Information Systems Group Maria M. Pozzo The Pentagon W. Olin Sibert Eric J. Swenson The MITRE Corporation Grant M. Wagner Bedford, Massachusetts Oxford Systems, Inc. Arlington, Massachusetts Further Acknowledgements Technical support was also provided by F. Patrick Clark, Mindy D. Makuta, Sammy Migues, and Jay Steinmetz. ~cknowledgement is given to the following individuals for their contributions. to this document: Walter s. Bond, Ann Marie Claybrook, Virgil D. Gligor, Jaisook Landauer, and Paui Woodie. June l, 1986 - iv - Final Evaluation Report Honeywell Multics MRll.O CONTENTS Page Foreword . iii Acknowledgements iv Executive Summary ix Section 1 Introduction l Evaluation Process Overview 1 Document Organization 2 Section 2 System Overview . 3 Background and History . 3 Multics System Architecture 4 Multics Hardware . 5 Major Hardware Components . 5 CPU - Central Processing Unit 6 SCU - System Control Unit and Memory 6 IOM - Input/Output Multiplexer . 7 MPC - Microprogrammed Controller . 7 FNP - Front- End Network Processor 8 Hardware Protection Mechanisms 9 Per-Segment Access Control . 9 Effective Ring Number in Addressing 10 Gates and Ring Changing 11 Privileged CPU Instructions 13 IOM Protection Mechanisms 14 MPC Protection Mechanisms 15 Software Architecture 16 Software Ring Usage . 17 Ring Zero TCB Functions 18 Ring One TCB Functions 22 D~dicated TCB Processes 24 TCB-Protected Resources 26 Objects Implemented by the TCB 27 Segments . 27 Directories 28 Message Segments 28 Messages . 28 Non-System I / O Devices, Disk and Tape Volumes . 29 Communication Channels . 29 System Disk Volumes (Logical Volumes) . 30 Processes· (Interprocess Communication) 30 Object Access Modes . 31 Segment Access Modes . 31 - v - June 1, 1986 Page Directory Access Modes . 32 Message Segment Extended Access Modes . 34 RCP Access Modes . 36 Logical Volume Access Modes 37 Communication Channel Access Modes 38 Process Access Modes . 38 Discretionary Access Controls . 39 Mandatory Access Controls . 41 TCB Protection Mechanisms . 43 Use of Hardware Protection Mechanisms 43 Use of CPU Protection Mechanisms 43 Use of I/O Protection Mechanisms 44 Software Protection Architecture 46 Access Revocation 48 Audit Message Logging 49 Parameter Validation . 49 The Validation Level . 61 Mandatory Access Control Privileges 6 1 Software Recovery From System Failure . 62 Object Reuse - Segments . 63 Object Reuse - Non- Segment Objects 56 Safe Shutdown and the File System 56 File System Salvaging and Consistency . 56 Covert Channel Management 57 Section 3 Evaluation as a B2 system . 61 Discretionary Access Control . 61 Additional Requirement (B3) 62 Object Reuse . 63 Labels . .. 64 Label Integrity . 66 Exportation of Labeled Information 66 Exportation to Multilevel Devices 67 Exportation to Single-Level Devices 69 Labeling Human-Readable Output 69 Subject Sensitivity Labels . .. 71 Device Labels . 72 Mandatory Access Control . 72 Identification and Authentication 74 Trusted Path . 76 Audit . 77 System Architecture 79 System Integrity . 81 Covert Channel Analysis 82 Trusted Facility Management 83 Security Testing . 83 Design Specif!cation and Verification 86 June 1, 1986 - vi - Page Configuration Management 86 Security Features User's Guide 87 Trusted Facility Manual . 88 Test Documentation . 90 Design Documentation 91 Section 4 Software Testing 93 Functional Testing . 93 Penetration Testing 94 Test Results . 95 Section 5 Evaluators' Comments 97 Overall Impressions 97 Protected Subsystems . 97 Reconfiguration 98 Denial of Service 98 Appendix A Evaluated Hardware Components A-1 Scope of Hardware Evaluation A-1 List of Evaluated Components A-1 Central System Combinations A-2 Additional CPUs and CPU Enhancements A-2 Additional IOMs and IOM Enhancements A-3 Additional SCUs and Memory . A-3 Disk MPCs and Options . A-3 Tape MPCs and Options . A-4 Unit Record MPCs and Options . A-4 Communication Processors and Options A-4 Peripheral Equipment (not evaluated) A-5 Appendix B Evaluated Software Components . B-1 Scope of Software Evaluation B-1 Multics Central System TCB . B-1 Ring Zero TCB . B-1 Ring One TCB . B-2 TCB Support Code B-2 Dedicated TCB Processes . B-3 System Administration B-3 System Initialization B-4 TCB I nterfaces . B-5 Gates . ~ . B-5 Other TCB "rnterfaces B-6 MPC Firmware . B-7 FNP Software . B-7 Non-Evaluated Software . B-7 Functions Excluded from the TCB B-7 Ring Two Non-TCB Software . B-8 Remainder of Multics Software . B-8 - vii - June 1. 1986 This page intentionally left blank. Final Evaluation Report Honeywell Multics MRll.O Executive Summary EXECUTIVE SUMMARY The security protection provided by the Honeywell Multics MRll .O operating system, with the B2-specific changes(l) applied, configured according to the most secure manner described in the Trusted Facility Manual, and running on the Honeywell Level 68/DPS or Honeywell DPS 8/ 70M multiprocessor has been evaluated by the National Computer Security Center (NCSC). The security features of Multics were evaluated against the requirements specified by the DoD Trusted Computer System Evaluation Criteria (the Criteria) dated 15 August 1983. The NCSC evaluation team (see page iv, "Team Members") has determined that the highest class at which Multics satisfies all the specified requirements of the Criteria is class B2 and therefore, usirig the specified hardware (see page A- 1, "Scope of Hardware Evaluation"), Multics MRll.O (see page B- 1, "Scope of Software Evaluation"), configured. in the most secure manner described in the Trusted Facility Manual, has been assigned a class B2 rating. A system that has been rated as being a class B2 system provides a TCB that is based on a clearly defined and documented formal security policy model that requires the discretionary and mandatory access control enforcement be extended to all subjects and objects in the ADP system. In addition, covert channels are addressed. The TCB must be carefully structured into protection-critical and non-protection-critical elements. The TCB interface is well-defined and the TCB design and implementation enable it to be subjected to more thorough testing and more complete review. Authentication mechanisms are strengthened, trusted facility management is provided in the form of support for system administrator and operator functions, and stringent configuration management controls are imposed. The system is relatively resistant to penetration. A system that has been rated as being a B division system provides a Trusted Computing Base (TCB) that preserves the integrity of sensitivity labels and uses them to enforce a set of mandatory access control rules. The system developer has I I (1) A set of "security critical fixes", distributed by Honeywell, must be applied to make the standard MRll .O release fully B2-compliant, because of minor inconsistencies discovered during security testing. - ix - June 1, 1986 Honeywell Multics MRll.O provided the security policy model on which the TCB is based and furnished a specification of the TCB and evidence that the reference monitor concept ~as been ~mplemented. The Honeywell Multics system consists of the Multics operating system running on Honeywell Level· 68/DPS or DPS 8/70M mainframes . These systems include Multics-specific hardware to support the Multics system architecture and protection mechanisms. A large Multics system may be configured with up to six processors and can support three hundred to four hundred users. Multics can be used in a wide variety of environments . The Multics operating system is a general- purpose time-sharing system with strong security features . Multics has three basic security mechanisms . The hardware supported protection rings and segmentation provide tightly controlled separate domains of execution. The Access Isolation Mechanism (AIM) provides mandatory access control. The Access Control Lists (ACLs) provide discretionary access controi. June 1, 1986 - x - Final Evaluation Report Honeywell Multics MRll.O Introduction INTRODUCTION In December 1982, the National Computer Security Center (NCSC) began a formal product evaluation
Load more

Recommended publications
  • The Multics System, 1975
    Honeywell The Multics System O 1975,1976,Honeywell Information Systems Inc. File No.:lLll - -- - ecure A Unique Business Problem-SolvingTool Here is a computer techniques are available to system that enables data all users automatically processing users to control through the Multics operating and distribute easily accessi- supervisor. ble computer power. The Because it is a unique Honeywell Multics System combination of advanced represents an advanced computing theory and out- approach to making the com- standing computer hardware, puter an integral, thoroughly Multics can provide an infor- reliable part of a company's mation service system more operation. advanced than any other yet The Multics System available. replaces many of the proce- Honeywell offers, as dures limiting conventional part of its advanced Series 60 systems and sweeps away line, two models for Multics - many of the factors that have the Model 68/60 and the restricted the application of Model 68/80. computers to routine data While contributing sig- processing assignments. nificantly to the application Now-with Multics - diversity of the Series 60 the computer becomes a family, these Multics systems responsive tool for solving also enable Honeywell to challenging business accommodate more efficiently problems. the computing needs of The Multics System today's businesses. incorporates many of the most user-oriented program- ming and supervisory tech- niques yet devised. These Multics is Transaction Processing -and More Although Multics is by Ease of accessibility, design a transaction oriented, featuring a simple and con- interactive information sys- sistent user interface for all tem, its functional capability types of services. There is no encompasses the full spec- job control or command trum of a general purpose language to learn and an computer.
    [Show full text]
  • ••••It•• G981 &911651, Elateferyl
    DOC~D:j 4009J726 TOP SICRIT WaJUOl!JWaJl1 t?l!CBl!JrnVU~ £iJl]l!WIB~ (r(!JllJU ~(51]Uj~(5 ~" W15allDl5 f WaJUJ~l1wrnlD J / P . L . 86-36 . WHEN CENSORSHIP BACKFIRES ....... ; .. ;~ .... James Killough .. ,/. , 0 ••••• 1 IDESKPAD: A PROGRAMMER' s TOOL •••• _1:: :\ :: ,_,------!: <:; ·::::: ~ ,________ __, ,; .••••• 9 IN PRAISE OF SOLITS ..................... Louis C. Grant .... •...... 12 NOTES ON BLUE RUSSIAN .................. ~ f ...... 12 NATIONAL CRYPTOLOGIC SCHOOL OFFERS COURSE-EQUIVALENCY TESTS ..................................... 13 'f'lllS B00tiM~N'f eoN'FAtlNS CJOBIW9RB MAt'l'IRIAtL et J2 J t.1 BlltN8A/elle88 (N81'/e88M 111-1) ••••It•• G981 &911651, Elateferyl .TOP SECRET Bedawif) tfpou Nuliluiliw b1 tile 81 .... eclassified and Approved for Release by NSA on -10--1-1-20'1.2 pursuant to E.O. '13526. vlDR Case# 54778 DOCID: 4009726 TOP SECRET Published Monthly by Pl, Techniques and Standards, for the Personnel of Operations VOL . II , No • 11 NOVEMBER 1975 PUBLISHER WILLIAM LUTWINIAK BOARD OF EDITORS Editor in Chief ............ Arthur J. Salenune (5642s) Cryptanalysis ...•.......... .__ ______.ltlW25s} · · P.L. 86- 36 Language .•.....••.......... Emery W. Tetrault (5236s) Machine Support. ......... · I t33zl.~) Special Research ........... Vera R. Filby (7119s) Traffic Analysis .•.••..•••• Frederic 0. Mason, Jr. (4142s) For individual subscriptions send name and organizational designator to: CRYPTOLOG, Pl TOP SECRET DOCID: 4009726 'fOP SECRET t:rl'.4RRA Jiitt;J. GIZll!ll bww. 86-36 Theodore Shabad is one of the preeminent Ameri­ "director of a-plant," and another was a per­ can experts on Soviet physical and economic geogra­ son identified as First Secretary of "a City phy. He is the author of Geogruphy of the USSR Committee of the Communist Party." Both were (1951), Basia Industr>ial Resources of the USSR members of the Central Committee of the Tadzhik (1969), and China's Changing Map (1972).
    [Show full text]
  • Multics Security Evaluation: Vulnerability Analysis*
    * Multics Security Evaluation: Vulnerability Analysis Paul A. Karger, 2Lt, USAF Roger R. Schell, Maj, USAF Deputy for Command and Management Systems (MCI), HQ Electronic Systems Division Hanscom AFB, MA 01730 ABSTRACT operational requirements cannot be met by dedicated sys- A security evaluation of Multics for potential use as a tems because of the lack of information sharing. It has two-level (Secret / Top Secret) system in the Air Force been estimated by the Electronic Systems Division (ESD) Data Services Center (AFDSC) is presented. An overview sponsored Computer Security Technology Panel [10] that is provided of the present implementation of the Multics these additional costs may amount to $100,000,000 per Security controls. The report then details the results of a year for the Air Force alone. penetration exercise of Multics on the HIS 645 computer. In addition, preliminary results of a penetration exercise 1.2 Requirement for Multics Security of Multics on the new HIS 6180 computer are presented. Evaluation The report concludes that Multics as implemented today is not certifiably secure and cannot be used in an open This evaluation of the security of the Multics system use multi-level system. However, the Multics security was performed under Project 6917, Program Element design principles are significantly better than other con- 64708F to meet requirements of the Air Force Data Ser- temporary systems. Thus, Multics as implemented today, vices Center (AFDSC). AFDSC must provide responsive can be used in a benign Secret / Top Secret environment. interactive time-shared computer services to users within In addition, Multics forms a base from which a certifiably the Pentagon at all classification levels from unclassified to secure open use multi-level system can be developed.
    [Show full text]
  • Towards Comprehensible and Effective Permission Systems
    Towards Comprehensible and Effective Permission Systems Adrienne Porter Felt Electrical Engineering and Computer Sciences University of California at Berkeley Technical Report No. UCB/EECS-2012-185 http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-185.html August 9, 2012 Copyright © 2012, by the author(s). All rights reserved. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission. Towards Comprehensible and Effective Permission Systems by Adrienne Porter Felt A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the GRADUATE DIVISION of the UNIVERSITY OF CALIFORNIA, BERKELEY Committee in charge: Professor David Wagner, Chair Professor Vern Paxson Professor Tapan Parikh Fall 2012 Towards Comprehensible and Effective Permission Systems Copyright c 2012 by Adrienne Porter Felt Abstract Towards Comprehensible and Effective Permission Systems by Adrienne Porter Felt Doctor of Philosophy in Computer Science University of California, Berkeley Professor David Wagner, Chair How can we, as platform designers, protect computer users from the threats associated with ma- licious, privacy-invasive, and vulnerable applications? Modern platforms have turned away from the traditional user-based permission model and begun adopting application permission systems in an attempt to shield users from these threats. This dissertation evaluates modern permission systems with the goal of improving the security of future platforms.
    [Show full text]
  • 1. Introduction
    Network Operating Systems Partha Dasgupta Department of Computer Science and Engineering Arizona State University Tempe AZ 85287-5406 USA [email protected] [Note: Written in 1997, Appeared in Encyclopedia of Electrical Engineering] 1. Introduction Network Operating Systems extend the facilities and services provided by computer operating systems to support a set of computers, connected by a network. The environment managed by a network operating system consists of an interconnected group of machines that are loosely connected. By loosely connected, we mean that such computers possess no hardware connections at the CPU – memory bus level, but are connected by external interfaces that run under the control of software. Each computer in this group run an autonomous operating system, yet cooperate with each other to allow a variety of facilities including file sharing, data sharing, peripheral sharing, remote execution and cooperative computation. Network operating systems are autonomous operating systems that support such cooperation. The group of machines comprising the management domain of the network operating system is called a distributed system. A close cousin of the network operating system is the distributed operating system. A distributed operating system is an extension of the network operating system that supports even higher levels of cooperation and integration of the machines on the network (features include task migration, dynamic resource location, and so on) (1,2). An operating system is low-level software controlling the inner workings of a machine. Typical functions performed by an operating system include managing the CPU among many concurrently executing tasks, managing memory allocation to the tasks, handling of input and output and controlling all the peripherals.
    [Show full text]
  • NWG/RFC# 752 MRC 2-Jan-79 01:22 Nnnnn a Universal Host Table
    NWG/RFC# 752 MRC 2-Jan-79 01:22 nnnnn A Universal Host Table Network Working Group Mark Crispin Request for Comments 752 SU-AI NIC nnnnn 2 January 1979 A Universal Host Table ABSTRACT: The network host table in use at MIT and Stanford is described. This host table is superior to the NIC and Tenex host tables in several ways. A binary file, compiled from this host table, is also described. This file is used by subsystems on MIT's ITS and Stanford's WAITS timesharing systems for efficiency in host and network lookups. HISTORY: As with many other sites on the Arpanet, we found the NIC's host table unsuited to our needs. Part of the problem was because the NIC host table was often inaccurate and all too often failed to include several nicknames in common usage in our communities. In addition, the NIC host table's format was awkward for user programs to use, especially those which wanted to have the host table mapped into memory in some sort of structured binary form for efficient lookups. Finally, the NIC host table neglects to include some essential information. The ITS host table was originally designed to be compiled along with a network handling program (MIDAS, the PDP-10 assembler used, has a pseudo-op to insert a file into an assembly). In order to make the host table palatable to the assembler, every comment line began with a semicolon, and every actual data line began with the word HOST. Each program which used the host table defined HOST as an assembly macro before inserting the host table into the assembly.
    [Show full text]
  • Multics Extended I Mail System . User's Guide
    HONEYWELL MULTICS EXTENDED I MAIL SYSTEM . USER'S GUIDE SOFTWARE MULTICS EXTENDED MAIL SYSTEM USER'S GUIDE SUBJECT Tutorial Introduction to the Multics Extended Electronic Mail System SPECIAL INSTRUCTIONS Refer to the Preface for ttSignificant Changes". This document supersedes Order No. CH23, Revision 0, dated September 1981. The manual has been extensively revised. Change bars in the margins indicate technical changes and additions; asterisks denote deletions. This manual assumes basic knowledge of the Multics system provided by the 2-volume set, New Users' Introduction to Multics - Part I Order No. CH24 and Part II Order No. CH25. SOFTWARE SUPPORTED Multics Software Release 10.1 ORDER NUMBER CH23-01 February 1983 Honeywell PREFACE The purpose of this manual is to help you become familiar with the Multics extended electronic mail system. This manual provides you with an illustrated discussion of the print mail and read mail commands for receiving mail, the send mail command for creating and sending mail, and a large variety of useful requests and control arguments to aid you in utilizing the full capacity of the extended mail system. Readers are expected to know the Multics concepts and terms described in the 2-volume set, New Users' Introduction to Multics (Order Nos. CH24 and CH25). These two manuals are referred to throughout this manual as the New Users' Intro - Part I and Part II. Also very useful is the Qedx Text Editor Users' Guide (Order No. CG40) which is referred to as the Qedx Users' Guide. Section 1 of this manual introduces the Multics extended mail system. Section 2 reviews the print_mail command.
    [Show full text]
  • US Department of the Interior Geological Survey Mail Stop 964 Box 25046, Federal Center'denver, Colorado 80225
    U.S. Department of the Interior Geological Survey Mail Stop 964 Box 25046, Federal Center 'Denver, Colorado 80225 Program MARQDCLAG: Marquardt inversion of DC-Schlumberger soundings by lagged-convolution by Walter L. Anderson Open-File Report 79-1432 1979 Multics Documentation Page 2 Program MARQDCLAG CONTENTS DISCLAIMER 3 INTRODUCTION * 4 PARAMETERS AND DATA REQUIRED 5 PROGRAM FILES 5 DETAIL PARAMETER AND DATA DEFINITIONS 6 $parras parameters 6 $init parameters 10 DATA MATRIX NOTES 11 EXAMPLES OF INPUT PARAMETERS AND DATA ORDERING 11 SPECIAL OBJECT FORMAT PHRASES 12 MULTICS OPERATING INSTRUCTIONS 12 ERROR MESSAGES 13 PRINTED RESULTS ]4 REFERENCES 16 Appendix 1.-- Source listing 17 Source availability 17 Appendix 2.-- Conversion to other systems 53 Appendix 3.-- Test problem input/output listing 54 Multics Documentation Page 3 Program MARQDCLAG DISCLAIMER This program was written in Fortran IV for a Honeywell Multics 68/80 system*. Although program tests have been made, no guarantee (expressed or implied) is made by the author regarding accuracy or proper functioning of this program on all computer systems. * Brand or manufacturers' names used in this report are for descriptive purposes only and do not constitute endorsement by the U.S. Geological Survey. Multics Documentation Page 4 Program MARQDCLAG By Walter L. Anderson INTRODUCTION Program MARQDCLAG is a general-purpose program for the least squares inversion of direct-current (DC) Schlumberger sounding data obtained over one-dimensional horizontally stratified earth models. A modified Marquardt (1963) nonlinear least squares algorithm (MARQRT) is used for inversion of Schlumberger soundings. A digital filter developed by Anderson (1975) is employed, along with a fast lagged-convolution adaptive algorithm (RLAGH1), to efficiently and accurately evaluate the necessary Hankel transform integrals for a Schlumberger array configuration (see for example, Zohdy, 1975, p.
    [Show full text]
  • The Evolution of the Unix Time-Sharing System*
    The Evolution of the Unix Time-sharing System* Dennis M. Ritchie Bell Laboratories, Murray Hill, NJ, 07974 ABSTRACT This paper presents a brief history of the early development of the Unix operating system. It concentrates on the evolution of the file system, the process-control mechanism, and the idea of pipelined commands. Some attention is paid to social conditions during the development of the system. NOTE: *This paper was first presented at the Language Design and Programming Methodology conference at Sydney, Australia, September 1979. The conference proceedings were published as Lecture Notes in Computer Science #79: Language Design and Programming Methodology, Springer-Verlag, 1980. This rendition is based on a reprinted version appearing in AT&T Bell Laboratories Technical Journal 63 No. 6 Part 2, October 1984, pp. 1577-93. Introduction During the past few years, the Unix operating system has come into wide use, so wide that its very name has become a trademark of Bell Laboratories. Its important characteristics have become known to many people. It has suffered much rewriting and tinkering since the first publication describing it in 1974 [1], but few fundamental changes. However, Unix was born in 1969 not 1974, and the account of its development makes a little-known and perhaps instructive story. This paper presents a technical and social history of the evolution of the system. Origins For computer science at Bell Laboratories, the period 1968-1969 was somewhat unsettled. The main reason for this was the slow, though clearly inevitable, withdrawal of the Labs from the Multics project. To the Labs computing community as a whole, the problem was the increasing obviousness of the failure of Multics to deliver promptly any sort of usable system, let alone the panacea envisioned earlier.
    [Show full text]
  • Langley Vedit for Nos/Ve Usage Manual
    NASA Technical Memorandum 100499 LANGLEY VEDIT FOR NOS/VE USAGE MANUAL M. A. HEANEY SEPTEMBER 1987 {NASil-T@-700499) LANGLEY VLDIT FOR NOS;/VE N87-38098 USAGE MANUAL [NASA) 40 p Avail: NTLS HC A03/MF A01 CSCL 1)gd Uncla s i;3/61 0103541 National Aeronautics and Space Administration LMlgleyResestchCecllW Hampton. Virginia 23665 RELATED MANUALS XEDIT Version 3 Reference Manual. Control Data Corporation Publication Number 60455730, 1984. Langley XEDIT Reference Manual. Central Scientific Computer Complex Documentation N-7a, 1984. SCL Language Definitionflsage. Control Data Corporation Publication Number 60464013, 1986. SCL System Interfaceflsage. Control Data Corporation Publication Number 60464014, 1986. SCL Quick Reference. Control Data Corporation Publication Number 60464018, 1986. SCL Advanced File Managementflsage. Control Data Corporation Publication Number 60486413, 1986. i CONTENTS INTRODUCTION ........................ 1 AUDIENCE ....................... 1 VEDITFEATURES .................... 1 REFERENCE MANUALS CONVENTIONS ............. 1 CALLINGVEDIT ....................... 3 INITIATING VEDIT ................... 3 INTERACTIVE USAGE OF VEDIT .............. 3 VED IT CONVENTI ONS ..................... 4 VEDIT COMMAND SYNTAX ................. 4 ENTERING EDITING DATA ................. 4 POSITIONING THE FILE POINTER ................ 5 LOCATING LINES VIA SPECIFIED STRINGS ......... 5 ADVANCING AND REVERSING THE POINTER .......... 5 POSITIONING POINTER AT TOP AND BOTTOM OF THE FILE ... 5 POSITIONING POINTER BY LISTING LINES ......... 6 STRINGEDITING
    [Show full text]
  • Lessons from the Multics Security Evaluation
    Thirty Years Later: Lessons from the Multics Security Evaluation Paul A. Karger Roger R. Schell IBM Corp., T. J. Watson Research Center Aesec Corporation Yorktown Heights, NY 10598 Pacific Grove, CA 93950 [email protected] [email protected] ABSTRACT 2 Multics Security Compared to Now Almost thirty years ago a vulnerability assessment of Multics offered considerably stronger security than Multics identified significant vulnerabilities, despite the most systems commercially available today. What factors fact that Multics was more secure than other contempo- contributed to this? rary (and current) computer systems. Considerably more important than any of the individual design and imple- mentation flaws was the demonstration of subversion of 2.1 Security as a Primary Original Goal the protection mechanism using malicious software (e.g., Multics had a primary goal of security from the very trap doors and Trojan horses). A series of enhancements beginning of its design [16, 18]. Multics was originally were suggested that enabled Multics to serve in a rela- conceived in 1965 as a computer utility – a large server tively benign environment. These included addition of system on which many different users might process data. “Mandatory Access Controls” and these enhancements This requirement was based on experience from develop- were greatly enabled by the fact the Multics was designed ing and running the CTSS time sharing system at MIT. from the start for security. However, the bottom-line con- The users might well have conflicting interests and there- clusion was that “restructuring is essential” around a fore a need to be protected from each other – a need quite verifiable “security kernel” before using Multics (or any like that faced today by a typical Application Service Pro- other system) in an open environment (as in today’s vider (ASP) or Storage Service Provider (SSP).
    [Show full text]
  • Multics Technical Bulletin MTB-424 To: Distribution From: Steve Webber Date: 08/28/79 Subject: Multics on ADP -- Software Releas
    Multics Technical Bulletin MTB-424 To: Distribution From: Steve Webber Date: 08/28/79 Subject: Multics on ADP -- Software Release 10.3 EPS-1 Attached is a draft of the Software EPS-1 for Multics ADP. Several assumptions are made that may not be valid. These are: - There will not be an absolute requirement for object level compatibility of user programs. This deviation from the standard compatibility constraint is not limited to the removal of read-alter-rewrite but also includes formats of bit offsets as stored in pointers; changes to IDCW formats; and clock reading. - The first customer ship CFCS) release of ADP will be 3082. The performance of Multics on ADP for first customer ship is not important to worry about (since we can not compare it to nonexistent data on the current hardware it is silly to project a required comparative performance level). - The simultaneous execution of the Functional Test System (FTS) (on-line T&D running under its own operating system in the mainframe) and Multics under control of some form of hypervisor is not necessary for first customer ship (i.e., the hypervisor is not part of the first system shipped). Multics Project internal working documentation. Not to be reproduced or distributed outside the Multics project. Page 2 MTB-424 INTRODUCTIO!J This EPS describes the major changes planned for the Multics software so that it will run on the ADP hardware. There are unavoidable incompatibilities that will result from the current plan but it is assumed that these are acceptable. The incompatibilities are occasionally reflected to user programs.
    [Show full text]